how to become a penetration tester - elearnsecurity whitepaper

HOW TO BECOME A PENETRATION TESTER
Introduction to a Career in IT Security | Whitepaper

Copyright 78118 © 2015 eLearnSecurity S.R.L. All rights reserved. This material may not be reproduced, displayed, modified or distributed without eLearnSecurity’s express consent. For more information, please visit: www.eLearnSecurity.com.

Upload: subinson

Post on 04-Dec-2015


Threats in the Real World

Risks of the Threats

Prevention Strategies - Solutions

What is Penetration Testing?

Job Description of a Penetration Tester

Writing Reports and Communicating Effectively

Black Hat Hacker, White Hat Hacker and Penetration Tester Defined

Think Like a Hacker to Catch One

Employment Options

Salary of Pentesters

Working as a Penetration Tester: The Good and The Bad

Demand for Penetration Testers in the Market

How do I become a Penetration Tester?

Learn by Doing

How to Gain the Experience

Afterword


Companies, governments, financial institutions, hospitals, the military and other businesses are using advanced technologies to store and process a great deal of confidential data on computers and mobile devices. These data are transmitted across networks to other computers. Corporations pay a premium to safeguard records and ensure that systems are protected.

An even more important sector, aside from companies and businesses, is national security. The government is faced with threats from global cyber syndicates, hackers for hire, terrorists and state-sponsored hackers. It is a different war, as these crimes involve seeking state secrets, technologies, ideas and classified information.

Malicious attacks can be executed simply from a laptop, so practically anyone who has the knowledge and skills to commit these crimes can do so from the comfort of their home. Therefore, it is a MUST to protect sensitive information and avoid putting the business or organization at risk.

Financial loss is a major risk of these cyber threats. On top of this, the reputation built by a company is also affected. Some attacks involve stealing customer information, and this results in a lack of consumer confidence. Top secret documents can fall into the wrong hands, so intellectual property loss is another risk if you are not careful enough.

As of February 2015, the Sony Pictures data breach of November 2014 had cost the company $15 million so far.

Retail company Target reports a total of $148 million in costs since December 2013, after the debit and credit card information of its customers was compromised.

Financial services firm JP Morgan Chase had more than 80 million customer accounts accessed when its data breach was reported in July 2014.

The list goes on, and these only involve top companies. What about the ones that are not headlining the news? What about attacks on the government and cyber espionage?

Cybersecurity is not only a basic necessity, but a major priority to protect ourselves from these outbreaks.


Having the right IT infrastructure is critical to strengthening cybersecurity, and there are three main classes of solutions for preventing various forms of cyberattacks: hardware solutions, software solutions and smart-thinking solutions.

Hardware Solutions – USB dongles, disabling ports, drive locks, mobile-enabled access, etc. provide the physical assurance that networks and systems can only be accessed by authorized persons using these devices.

Software Solutions – Viruses, worms, denial of service (DoS) attacks, phishing, etc. are some forms of cyber-attacks, and countermeasures for them are anti-virus software, firewalls, intrusion detection & prevention systems, data encryption, etc. Keeping software up-to-date is also necessary to constantly combat new and advanced attacks.

Smart-Thinking Solutions – Another major component in ensuring an effective strategy to prevent cyberattacks is assigning capable people to manage the technology. IT Security teams are a critical part of the corporate structure to control both hardware and software. You may have the latest gadgets and technologies, but if you do not know how to operate them, they are useless. Aside from operating these technologies, the IT Security expert should be able to maintain them in top form.

One of the steps that companies take to ensure that their system is up-to-date is hiring a penetration tester.

This is where YOU come in.


A penetration test, also known in its short form as a "pentest", is a process that aims to evaluate the security of one or more assets (such as the IT infrastructure, a web application, a mobile application, a piece of software and so on) by running a series of planned attacks with the goal of finding and exploiting vulnerabilities. The areas through which a tester could get into a system during a penetration test can be very wide, ranging from testing operating systems or appliance configurations to social engineering attacks that aim to 'exploit' human vulnerabilities. But the penetration test is not only about attacks! A professional pentest includes proper analysis and reporting with the goal of improving overall security.

A penetration tester is a professional who conducts the penetration test and creates one or more reports about findings and vulnerabilities, classifies the severity of the risks (high risk, medium risk, low risk) and explains the reasons behind these risks. An analysis report is created and delivered to the company, educating executives and the IT department on what needs to be done in order to resolve the security flaws found. As an important note, pentesters do not fix the vulnerabilities; they mainly report them. They do not change anything in the system; they report the weak spots. A good pentester provides recommendations and advises on the most suitable and cost-effective countermeasures for the vulnerabilities discovered. They can share their ideas on hardware, software and methodologies the company should use, and help ensure the investments made by the company are worth it.


Reporting is an integral part of this job position. After identifying and classifying the risks of the vulnerabilities, the penetration tester should be able to communicate them at a CEO level, making sure that the report is understandable to the C-Level Management of a company.

Not all of the management of a company speak IT. Hence, the pentester should be able to explain carefully and effectively the risks of these security flaws, avoiding jargon and describing the report at the level of the CEO, who makes the final business decisions.

There might be some confusion with the terms used to describe a penetration tester. Sometimes, it is referred to as an Ethical Hacker or a White Hat Hacker. Among these terms, clearly, a penetration tester is far from being labeled as a Black Hat Hacker. To help you understand better, here are the differences.

Black Hat Hacker – A Black Hat Hacker only needs to find a single flaw in whichever area of a system, attacks it, and uses the information for personal gain or in bad faith (e.g. stealing information, selling classified data).

White Hat Hacker / Ethical Hacker – A White Hat Hacker (also termed an Ethical Hacker) also finds a single flaw in a system, but uses the information to help improve the system (e.g. reporting the flaw to the company).

Penetration Tester – A Pentester has to find ALL flaws in a system, write them down, create a report, and include details on how the hack was executed and how it can be replicated.

Hackers (whether Black Hats or White Hats) only need to find one vulnerability and they attack everywhere. How they use the discovered vulnerability is what differentiates one (White Hat = Good) from the other (Black Hat = Bad).

Penetration Testers, on the other hand, are the most skilled compared to Black Hat Hackers or White Hat Hackers, as they need to find ALL vulnerabilities. The scope of penetration testers is focused on a particular area in a system/network/application, yet they have to scan all possible doorways.

“My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.”

- Excerpt from the Hacker’s Manifesto

“Hacking is NOT equal to penetration testing. It's not. Penetration testing involves methodology and reporting, risk assessment and presentation of findings. Penetration testing is not just about getting root.”

- Armando Romeo, eLearnSecurity CEO and Founder


A penetration tester needs to think like a hacker and use many of the same techniques that a hacker does. But unlike hackers, a penetration tester works under strict rules of engagement – you go into specific areas only, and have limits on your actions. The purpose is to discover weaknesses, not break into the system for its own sake. You are the professional here, and definitely the good guy.


There are various ways for you to get work as a pen tester. This is a skill-based job, and the more skills and experience you have, the more your value increases. Here are some ways to get hired.

Freelance – You get paid per project by companies that want you to look into their system.

IT Security Service Company – You are working as a third-party contractor providing penetration testing as a service.

In-House Employee – You are directly hired by the company as part of the IT Security department to conduct regular penetration tests of the system.

How much does a Penetration Tester Earn?

Standard penetration tests can range from $10,000 to $15,000 (and more) if done as a service by a company. As a freelancer, you can get paid per hour of service or per project. Cost would depend on the size and scope of the penetration test.

According to PayScale, the average Penetration Tester salary in the US is $74,150 per year. Depending on your expertise and experience, it can be more or less.

The highest paying skills associated with this job deal with Network Security Management, Web Security & Encryption, and Security Testing & Auditing.

- Average Pentester Salary in the USA by PayScale


We conducted research among penetration testers and asked them about the exciting and not-so-exciting aspects of the job. We think it is helpful for you to hear it from these practicing professionals, to give you better insight into some of the pros and cons of pentesting. Here’s what they have to say.

Note: Some of the penetration testers we contacted preferred to remain anonymous.

GOOD: The best part of being a penetration tester is the obvious one. It is a challenging job, with a lot of fun and interesting things to learn. It is always a mind-blowing task while one feels the excitement of being a hacker without actually being the malicious guy.

BAD: Now the drawback is that it is a very responsible job. Mistakes can be critical to one's career while sometimes it can be really stressful. Furthermore, reporting is a very difficult task in order to prove that you are delivering quality services and not just tool results.

– Emmanouil

GOOD: The thing that I like about being a pentester is that this is my hobby and I am doing my hobby as a job.

BAD: I don't like the reporting & legal stuff of the engagements.

– Anonymous

GOOD: I love writing my own exploits and code ;)

BAD: I don't like writing the reports :)

– Anonymous

GOOD: Learning is the thing I love the most. Each engagement leaves you some knowledge, and yet it gives you the feeling that you know nothing.

BAD: Writing reports and interacting with clients.

– Anonymous

GOOD: Each company uses different technologies in infrastructure, network, mobile phones and so on. The best part about being a pentester is that you face new challenges every day. Studying, testing, and reading a lot are a must in this field, and I love it.

BAD: Some clients strongly believe that compliance is security. The problem is that they don't appreciate the real value of good penetration testing, because they only want to tick a checkbox in their policies. This kind of penetration testing is usually non-challenging and pretty boring, because you don't have enough time to test as you should test.

– Anonymous

Summarizing the comments from various pentesters, the least favorite part is writing reports. On the other hand, the most favored is the intellectual and challenging aspect of finding vulnerabilities and learning as you progress in this career.

If you manage all the data and information you gather during an engagement correctly, and if you know how to structure your report correctly, writing it can be easier.


According to a report by Ponemon Institute for CNNMoney, 47% of adults in the US had their personal information exposed by hackers during the first half of 2014.

With the current situation in information security, businesses and organizations are hiring penetration testers to test their networks, applications and computer systems. The demand for a secure environment could not be any greater.

One of the great things about this job is that you do NOT need to have a college diploma/degree to become a Pentester. However, you should have a deep interest in information security if you want to make it a career.

Penetration testing is a set of skills, and in order to acquire this skillset, you can:

Go to a school that offers this as a specialized course

Learn it from a mentor/instructor as an apprentice

Read about penetration testing in books/online (Check OWASP.org for FREE web application security updates)

Practice training online (You can test your skills using Hack.me)

Regardless of the source, the end result should make you confident to conduct a penetration test in the real world.


The most effective way to learn penetration testing is to learn by doing and not by reading. Look for a penetration testing course that provides hands-on training. If you are working for a company, you can ask an experienced IT Security expert to train you with practical exercises. You can also request that virtual labs be created so you can practice hacking. If your IT team does not have the resources to create labs, you can search for services online that do so. One example is the HERA Virtual Lab.

What do you do then when you do not have the experience? Gain it.

In the world of Information Technology, experience is an advantage, especially when landing a job. Search for training courses that offer not only theories, but also practical training that will prepare you for a real-world penetration test.

There are a lot of things you can pick up online, but it is time-consuming as resources are scattered everywhere. There are IT Security training courses dedicated to penetration testing and they range from $50-$10,000. It is good to find a course that properly explains the theories and provides enough hands-on material with matching labs for you to practice various exercise scenarios.

Exam certifications are available and it is up to you to find one that will develop your skills to make you confident in conducting an actual penetration test. A multiple-choice exam will test your acquired knowledge, but it is more effective when you are tested based on practical knowledge. Remember, you do not answer multiple-choice questions when a company hires you.

A career in IT Security is one of the most in-demand jobs today. Having the skills to conduct security audits and look into a company’s network and system also carries a lot of responsibility.

Learning penetration testing can be done via coursework, and will enhance your value to the organization. But you need to select the right course; you want one that gives you practical experience and a comprehensive understanding of where threats come from. You also want a course that delivers a solid foundation to analyze all the ways a hacker might breach your security using various techniques.


A leading innovator in the field of practical, hands-on IT security training.

Based in Pisa (Italy), Dubai (UAE) and in Santa Clara (USA), eLearnSecurity is a leading provider of IT security and penetration testing courses including certifications for IT professionals.

eLearnSecurity's mission is to advance the career of IT security professionals by providing affordable and comprehensive education and certification. All eLearnSecurity courses utilize engaging eLearning and the most effective mix of theory, practice and methodology in IT security - all with real-world lessons that students can immediately apply to build relevant skills and keep their organization’s data and systems safe. For more information, visit https://www.eLearnSecurity.com.

Get a FREE trial of our Penetration Testing Professional Training course.
